Squid Dynamic ACL

Printable View

2nd March 2010, 04:56 PM
skeep

Squid Dynamic ACL

Hi All,

I have squid setup up running and I want to add IP addresses to a text file and load that into the squid config. Then I can just add a new IP address to the file and it will work without restarting the service.

I have tried this in the config but it is not working:

acl localnet src "path/to/file/trusted_ip.txt"

obviously I changed the path to the correct one!

Am I missing something? The txt file has only one ip address init that I am using to test with:

10.143.20.96/255.255.255.255

If i add this line:

acl localnet src 10.143.20.96/255.255.255.255

It works perfectly however, the ip address will be random and i do not want to have to restart the squid service.

Is this possible?
2nd March 2010, 07:21 PM
keithu

Yes, it's possible but you still have to tell squid to re-read its config file. Either run 'squid -k reconfigure' or send a HUP signal to the running process.

What I do is have a background process running which watches the text file and sends squid a HUP (that's the Unix 'Hang Up' signal) whenever the file's timestamp changes.
3rd March 2010, 09:12 AM
skeep

Thanks for the reply, When I point the conf at the txt file it does not work. If I enter the IP into the conf file directly it works.

Is there anything special I need to do to get IP addresses working from an external file?
3rd March 2010, 09:31 AM
nicklec

slash notation should just be /255 no?
3rd March 2010, 09:33 AM
powdarrmonkey

Quote:

Originally Posted by nicklec

slash notation should just be /255 no?

whut? No. 255.255.255.255 = /32.

Classless Inter-Domain Routing - Wikipedia, the free encyclopedia
3rd March 2010, 09:45 AM
nicklec

Quote:

Originally Posted by powdarrmonkey

whut? No. 255.255.255.255 = /32.

Classless Inter-Domain Routing - Wikipedia, the free encyclopedia

Yeah sorry confused myself, have you added the line below the acl, "http_access allow aclname"?
3rd March 2010, 09:59 AM
keithu

Have you made sure that the running squid process has permission to read the trusted_ip.txt file?
3rd March 2010, 11:08 AM
skeep

It defiantly has permissions to view it. it is very strange that putting it directly in the config works but the txt doesn't!

Not sure what to try next!
3rd March 2010, 03:57 PM
skeep

all working now i started again from scratch and its fine!

Thanks